When running apt-get upgrade in automated provisioning scripts (like Chef's knife cloudstack), interactive configuration file prompts break the automation flow. This commonly occurs when:
* The package maintainer provides an updated config file
* Your existing config has local modifications
* The system can't determine which version to keep
For Ubuntu 12.04, these dpkg options provide the most robust solution:
DEBIAN_FRONTEND=noninteractive \\
apt-get -y -o Dpkg::Options::="--force-confdef" \\
-o Dpkg::Options::="--force-confold" upgradeKey parameters:
--force-confdef: Uses the default option (keeps old configs when unchanged)--force-confold: Preserves local modifications by always keeping old configs
For infrastructure automation, I recommend this complete approach:
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive
# First update package lists
apt-get update -qq
# Then upgrade with conflict resolution
apt-get -y -o Dpkg::Options::="--force-confdef" \\
-o Dpkg::Options::="--force-confold" \\
--allow-unauthenticated \\
--fix-broken install
# Optional: Force upgrade for specific packages
apt-get -y --only-upgrade install nscd bind9
When dealing with config files during upgrades:
| Option | Behavior | Use Case |
|---|---|---|
| Y/I | Installs maintainer's version | When you want package defaults |
| N/O | Keeps current version | For custom configurations |
| D | Shows differences | Manual inspection |
For critical systems:
- Maintain configs in version control
- Use configuration management tools (Chef/Puppet/Ansible)
- Test upgrades in staging with
--dry-run - For NSCD specifically, consider:
# Preserve existing nscd.conf but get new features
apt-get -y install nscd
cp /etc/nscd.conf /etc/nscd.conf.bak
apt-get -y install --reinstall nscd
# Manually merge changes from /etc/nscd.conf.dpkg-newWhen running apt-get upgrade in automated deployments (like Chef's knife cloudstack bootstrap), the process halts when encountering modified config files. This creates a chicken-and-egg problem:
# Example of the blocking prompt
Configuration file /etc/nscd.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do? (Y/I/N/O/D/Z) [default=N] ?
Before solving the automation issue, let's address the second concern about nscd (Name Service Cache Daemon):
- nscd caches user/group/hostname lookups
- Default config usually works for most cases
- If you've customized it, you'll want to merge changes
The definitive solution is to use DEBIAN_FRONTEND=noninteractive:
# In your bootstrap script:
export DEBIAN_FRONTEND=noninteractive
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade
This combination:
--force-confdef: Uses package maintainer's version if unchanged locally--force-confold: Keeps old config files when they exist
For more control, create a preseed file:
# /etc/apt/apt.conf.d/local
Dpkg::Options {
"--force-confdef";
"--force-confold";
}
To handle nscd.conf specifically in Chef:
# In your recipe:
execute "apt-get upgrade" do
command "DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade"
action :run
end
# Then manage nscd separately
template "/etc/nscd.conf" do
source "nscd.conf.erb"
owner "root"
group "root"
mode "0644"
notifies :restart, "service[nscd]"
end
After deployment, check config file status:
sudo debconf-show dpkg
sudo grep -r "conffile" /var/lib/dpkg/